By secure I mean, is there anything else someone might want to do before going public with that setup? Of course firewall settings are missing, but besides that: securing Apache, PHP, ...?

How many of you guys actually use just this tutorial and go public with the server?

Why these questions? Well, I'm about to set up a Debian server, and after a few days of looking at and reading server setup tutorials, I kinda decided that I will go with this setup plus, of course, the ISPConfig panel.

I'm not new to Linux, and of course I'm not a super advanced user, so sorry if these questions are kinda stupid.

How many of you guys actually use just this tutorial and go public with the server?

I know some people who do...

Most current Linux systems are very secure out of the box, and you have to do a lot of customization to make them more secure, which means you cannot use the distribution's regular update packages anymore - which is a major drawback.
If you only run the services you need (e.g. Apache, Postfix, SSH) and nothing more and have a firewall, then it's already very secure. For Apache vhosts you can enable suExec and PHP Safe Mode in ISPConfig. BIND runs chrooted; FTP users are also chrooted. Postfix comes with SMTP-AUTH and TLS.
Never had any problems with this setup.

I'm going to use this setup now.
Of course I'll change some things, like disabling root login in SSH, disabling some commands in PHP and so on... but these are the things that are missing in this guide. While I know what to do for most of the stuff, someone who's new might not.

Anyway, thanks for replying, and whoever makes this ISPConfig and tutorials, keep up the good work!!

Currently most Linux servers were hacked through insecure scripts on web servers.

That I am aware of.

till said:

1) Update your Debian frequently to make sure all known bugs are fixed:

apt-get update
apt-get -u upgrade

This won't override, for example, PHP configurations if there is a newer PHP version or bug fix? I just downloaded ISPConfig to check it and I saw that most configurations come with ISPConfig. Or did I overlook something here with the config files?

till said:

2) To be even more secure, partition your hard disk so that you have at least separate /tmp and /var partitions.

4) You may run the PHP on your server as CGI and activate suExec if you think that you won't trust the PHP Safe Mode.

It's not that I don't trust Safe Mode, but it gives more problems (running scripts) than it does good.
I read a nice discussion on some forum about how 'useful' Safe Mode really is, plus how you can bypass it and so on...

This won't override, for example, PHP configurations if there is a newer PHP version or bug fix? I just downloaded ISPConfig to check it and I saw that most configurations come with ISPConfig. Or did I overlook something here with the config files?

The PHP and Apache that come with ISPConfig are not the software that is used to serve your web pages. The ISPConfig PHP and Apache are only for the control panel web server on port 81. You can use the update mechanism from Debian without overriding any ISPConfig settings.
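
The hardening steps named in this thread (no root login over SSH, disabled PHP functions, separate /tmp and /var partitions) can be checked with a small read-only script. This is an added example, not part of the original thread or of ISPConfig; the function names and the sample files are constructed for illustration, and the file paths are passed in as arguments.

```sh
#!/bin/sh
# Added example: read-only checks for hardening steps named in this thread.
# Paths are arguments, so the checks can be pointed at copies of the files.

# Effective PermitRootLogin value: sshd uses the first occurrence of a keyword.
# Match blocks and Include files are not evaluated (simplification).
ssh_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Value of disable_functions in a php.ini-style file, empty if unset.
# Assumption: the last uncommented assignment is the one that counts.
php_disabled_functions() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '" \r'
}

# Succeeds if DIR ($2) is a mount point in a /proc/mounts-format file ($1).
is_separate_mount() {
    awk -v dir="$2" '$2 == dir { found = 1 } END { exit !found }' "$1"
}

# audit SSHD_CONFIG PHP_INI MOUNTS: prints findings, returns how many.
audit() {
    findings=0
    [ "$(ssh_root_login "$1")" = "no" ] ||
        { echo "FINDING: PermitRootLogin is not set to 'no' in $1"; findings=$((findings + 1)); }
    [ -n "$(php_disabled_functions "$2")" ] ||
        { echo "FINDING: disable_functions is empty in $2"; findings=$((findings + 1)); }
    for dir in /tmp /var; do
        is_separate_mount "$3" "$dir" ||
            { echo "FINDING: $dir is not a separate partition"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Constructed sample input (not from a real host); expect three findings.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$d/sshd_config"
    printf '%s\n' '; disable_functions = exec' 'disable_functions =' > "$d/php.ini"
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' '/dev/sda2 /var ext3 rw 0 0' > "$d/mounts"
    audit "$d/sshd_config" "$d/php.ini" "$d/mounts"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On a real host, call `audit` with `/etc/ssh/sshd_config`, the php.ini used by the web server, and `/proc/mounts`.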